PT-2017-11022 · Red Hat · Koji

Puiterwijk · Published 2017-10-06 · Updated 2023-03-01 · CVE-2017-1002153

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Koji version 1.13.0

Description

The issue arises from improper validation of SCM paths, enabling an attacker to bypass blacklisted paths for build submission.

Recommendations

For version 1.13.0, update to a newer version that properly validates SCM paths to prevent exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-1002153
GHSA-VWP5-W4RQ-G4CC

Affected Products

Koji